aogier / starlette-authlib

A drop-in replacement for Starlette session middleware, using Authlib's jwt

License: BSD 3-Clause "New" or "Revised" License

Python 95.49% Dockerfile 4.51%
starlette starlette-middleware asgi authlib jwt-middleware jwt

Starlette Authlib Middleware

Introduction

A drop-in replacement for Starlette session middleware, using authlib's jwt.

Rationale

It is sometimes necessary to integrate a Starlette-based application into more complex scenarios where other actors need to make decisions based on session data. This middleware makes this possible by using a standard JWT token instead of the Starlette-encrypted one, thus simplifying interaction with third-party components.

Requirements

  • Python 3.7+
  • Starlette 0.9+

Installation

pip install starlette-authlib

Usage

A complete example where we drop-in replace standard session middleware:

from starlette.applications import Starlette

from starlette_authlib.middleware import AuthlibMiddleware as SessionMiddleware


app = Starlette()

app.add_middleware(SessionMiddleware, secret_key='secret')

Other things you can configure via either environment variables or a .env file:

  • DOMAIN - declares the cookie domain. The app must be under this domain. If empty, the cookie is restricted to the subdomain of the app (this is useful when you write e.g. SSO portals)
  • JWT_ALG - one of the JWT algorithms supported by authlib
  • JWT_SECRET - the JWT secret. Only useful for HS* algorithms; see the sample_app folder for middleware usage with crypto keys.

See it in action: sample application

A sample application is included, and you can run it with either Starlette-based session middleware or this one, just by setting a variable:

# run with vanilla Starlette-based session middleware
VANILLA=1 uvicorn sample_app.app:app

# run with this drop-in replacement
uvicorn sample_app.app:app

As you can see in the code, the only difference is an import name, chosen according to the VANILLA env var.

Contributing

This project is absolutely open to contributions so if you have a nice idea, create an issue to let the community discuss it.

starlette-authlib's People

Contributors

aogier, deepcyrille, dependabot-preview[bot], dependabot[bot], lannuttia, lgtm-migrator, rajeev-optum, renovate[bot]

starlette-authlib's Issues

Your .dependabot/config.yml contained invalid details

Dependabot encountered the following error when parsing your .dependabot/config.yml:

The property '#/' did not contain a required property of 'update_configs'
The property '#/' contains additional properties ["updates"] outside of the schema when none are allowed
The property '#/version' value 2 did not match one of the following values: 1

Please update the config file to conform with Dependabot's specification using our docs and online validator.

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

Detected dependencies

dockerfile
Dockerfile
  • python 3.10
github-actions
.github/workflows/codeql.yml
  • actions/checkout v4
  • github/codeql-action v3
  • github/codeql-action v3
  • github/codeql-action v3
.github/workflows/release.yaml
  • actions/checkout v4
.github/workflows/test.yaml
  • actions/checkout v4
pep621
pyproject.toml
  • poetry >=0.12
poetry
pyproject.toml
  • python ^3.8
  • authlib <1.4
  • starlette <0.39
  • autoflake <2.3
  • black ^23
  • codecov ^2.1.12
  • httpx ^0.24.0
  • mypy ^1.1
  • pre-commit 2.21.0
  • pytest ^7
  • pytest-cov ^4
  • requests ^2.28.2
  • isort ^5.11.5

Support for path attribute

Hi, I see in the code that the path is statically set to "/". May it be set in the object initialization, as starlette's SessionManager does?

Store session cookie in database

Is there any way to store the cookie in a database after creating it?

My requirement is that I need to be able to logout all of a user's sessions without having to wait until the token expires. To do this I want to store the token in a database associated with the user such that on logout all of their sessions can be logged out by removing the cookies from the db.

Looking through the code it looks like this may only be possible by adding some custom middleware after the cookie encoding and saving it from there but this does not feel like a clean solution.

Middleware Does Not Honor nbf Claim

Issue:
If an nbf registered claim is provided to this middleware, it is not honored.

Expected:
If an nbf claim is provided and it is in the future, then the session dict should be empty since the session is not technically valid.
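
Added example, not part of the issue above or of the project's code: a standard-library HS256 verifier showing the behaviour the issue expects, where a token whose nbf is still in the future (or whose exp has passed) yields an empty session. The same check is what a third-party component sharing JWT_SECRET would run before trusting the session, as the Rationale describes. The names encode_session and load_session are hypothetical, and the stdlib HMAC code stands in for Authlib's JWT handling.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()


def encode_session(session: dict, secret: bytes) -> str:
    """Serialize a session dict as a compact HS256 JWT (hypothetical helper)."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(session).encode())
    return f"{head}.{body}.{_b64url(_sign(f'{head}.{body}', secret))}"


def load_session(token: str, secret: bytes, now=None, leeway: int = 0) -> dict:
    """Return the verified claims, or {} when the token must not be trusted."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm; never let the token choose how it is verified.
        if json.loads(_unb64url(head)).get("alg") != "HS256":
            return {}
        if not hmac.compare_digest(_sign(f"{head}.{body}", secret), _unb64url(sig)):
            return {}
        claims = json.loads(_unb64url(body))
    except (ValueError, TypeError, AttributeError):
        return {}
    if not isinstance(claims, dict):
        return {}
    for name in ("nbf", "exp"):  # NumericDate claims must be real numbers
        if name in claims and type(claims[name]) not in (int, float):
            return {}
    if "nbf" in claims and claims["nbf"] > now + leeway:
        return {}  # not valid yet: treat exactly like "no session"
    if "exp" in claims and claims["exp"] <= now - leeway:
        return {}  # expired
    return claims
```

Passing now explicitly keeps the time checks testable; leeway tolerates small clock skew between the issuing app and the component that verifies the cookie.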
